As Steve and I were eating dinner at DEFCON last year, the usual topics came up: What were the best talks of the day? Who were the completely lame speakers? What was the best hacker outfit so far? What is the best T-Shirt slogan of the day? What parties are we going to crash tonight? What were the best hacker books (both fiction and non-fiction)? And of course, we debated about which hacker movie is the best of all time. Steve and I have been arguing for years about this one, and, although we never agree, it does not stop us from spending hours rehashing the subject. And we are not alone in this endeavor. This is a favorite subject for hackers of all sorts. It turns out that there are so many ways to look at the question, that I am sure that Steve and I, and all nerds, will continue to ponder it for years to come.

Many hackers have a movie that is near and dear to their heart; a gateway drug so to speak that introduced the idea that hacking was a “thing” that loner losers like us could do it, was cool and could make hot chicks like us. That last part never really came true for me or Steve or anybody we hung out with, but it gave us hope.

What gives you hope? What inspired you? What was your gateway drug in the hacking culture? Please help our research efforts by reading the rest of this article and then taking part in the Best Hacker Movies Survey.

Discuss in Forums {mos_smf_discuss:Special Events}

For our generation, the Generation Xers (born ’61-’78), I make the argument to Steve that “WarGames” was the perfect gateway drug. This is the 1983 classic starring a young Matthew Broderick and Ally Sheedy. According to the “Rotten Tomatoes” website, “WarGames” gets a very high 97% on the Tomatometer and is ranked as the 5th best movie of the year. It also received three Academy Award nominations. The movie is famous for its climactic last analogous line made by the computer – named Joshua – about nuclear war: “The only winning move is not to play.” To my young hacker mind, that hit home as being very profound. And I’m not the only one as it also was the inspiration behind the very hacker con where this discussion took place.

Steve makes the argument that “Sneakers” is the best movie for our generation. This is the 1992 caper movie starring some heavy-hitter actors (Robert Redford, Sidney Poitier, Dan Aykroyd, River Phoenix, Mary McDonnell, David Strathairn, and Ben Kingsley). Rotten Tomatoes gives it a respectable 87% rating, and they list it as being one of the top 35 movies of the year. One of the main writers, Walter Parkes, also helped write WarGames, so there is some nice connective tissue between these two nerd-favorite hacker movies. This movie also showed how hacking and all of its disciplines could actually be a profession and not just about kids locked in their houses with electronics and Coke.

The next generation though, the Generation Yers (born ’79 – ’88), would perhaps point to a different movie that got them started. Likely candidates are “Hackers” starring Angeline Jolie (1995) or “The Matrix” starring Keanu Reeves and Carrie-Anne Moss (1999). But the same general criteria apply about what makes a gateway drug for hacker movies: loner, loser hackers are the heroes and hot chicks like us (Jolie and Moss are prime examples). The question remains though, what is the best hacker movie?
There have been a number of attempts in recent years to list the best hacker movies. Here are just some of the better lists:

1. A hacker movie must feature a hacker; it is insufficient just to have an act of hacking in the movie, the hacker must appear in the movie as being either the main protagonist or antagonist, or at least be a well-developed character with their hacking being integral to the plot.

2. Although they are related genres, not all cyberpunk movies can automatically be considered as hacker movies.

3. Only science fiction movies that feature recognizable hacker scenarios should be included on the list.

4. No animated movies will be included on the list.

5. No movies will be considered whose sole focus is cryptography.

6. No hacker documentaries will be considered, only movies.

He does a great job of thoroughly going through 40 years of movies and identifying 50 that might qualify. Although this is an impressive first cut, both Steve and I found it wanting. I mean, why are animation, cryptography and documentaries excluded? And why does the hacking have to be integral to the plot? Those decisions, and others, seem arbitrary and might leave out some great movies.

For example, in order to qualify for consideration, does the main character have to be a hacker (“Tron” or "The Net") or can the hacker be in a supporting role (“Real Genius”)? Does hacking have to be part of the main plot (“The Italian Job” – 1969 version) or can it just have some hacking in it (“Office Space”)? Does the movie have to accurately depict a real “hack” (“Bourne Ultimatum”) or is it permissible to stylize the hacking (“eXistenZ”)? Even if the hacking depicted is not remotely possible, does it count (“Independence Day”)? Does the movie even have to be good (“The Girl with the Dragon Tattoo” – Swedish version – 87% on the Tomatometer at Rotten Tomatoes) or can it be awful (“Johnny Mnemonic” – 14%)? Can the hacker be a good guy (Neutral Good – played by Ryan Phillippe in “Antitrust”) or a bad guy (Chaotic Evil – played by Michael C. Hall in “Gamer”) or anything in-between (Lawful Evil – played by Richard Pryor in “Superman III”)? Can it be any genre: Action (“Bait”), Cyberpunk (“Blade Runner”), Sci-Fi (“The Thirteenth Floor”), Fantasy (“Justice League – Doom”), Crime (“Untraceable”), Comedy (“Masterminds”), Drama (“Antitrust”), or Romance (“Weird Science”)? And what about non-fiction movies that are not documentaries ("Takedown" and "Pirates of Silicon Valley")? Does porn count (“HaXXXor”)?

The truth is, the answer is yes to all of it. What Steve and I have discovered is that we are not really interested in what exactly is the best hacker movie. That is not the right question. We are interested in a series of questions that will give us debating material for the next couple of decades. But we are looking for some help. Please take the Best Hacker Movies Survey today to help us frame this debate.

Questions:

1. What is your favorite gateway hacker movie that got you interested in hacking?
2. What is your favorite movie where a Hacker is the main character?
3. What is your favorite movie where a Hacker is a supporting character?
4. What is the best movie where one of the hackers is a machine / Artificial Intelligence?
5. What is your favorite movie where hacking is depicted realistically?
6. What is your favorite hacking scene?
7. What is the best use of social engineering in a hacker movie?
8. What is the worst hacker movie of all time (the epic fail that got it all wrong)?

Bonus question that leads to the next debate: What is the best choice of hacker books that should be made into the next hacker movie?

Open question: What category have we missed?

So instead of just creating another list, we want YOUR OPINION to drive the debate forward. This article and associated forum thread may develop into a series to allow the community to address the various aspects of this debate, further articles or a talk at a hacker/security conference. Now let’s hear what you have to say.

Steve Winterfeld has a strong technical and leadership background in Cybersecurity, Certification & Accreditation (C&A), Training, Military Intelligence, Simulations and Project Management. Currently he is TASC Defense/Civil Business Group Technical Director (TD) with additional duties of corporate Cyber TD and Senior CyberWarriorTM Instructor. Past Projects include building the Computer Emergency Response Center (CERT) for US Army South responsible for monitoring security real time then conducting forensic investigations on intrusions and developing the first C&A package for the Global Hawk Unmanned Aerial System (UAS). He holds CISSP, PMP, SANS GSEC, Six Sigma certifications and a MS in Computer Information Systems. He is the Co-Author of "Cyber Warfare: Techniques, Tactics and Tools for Security Practitioners" where he applied his experience as an Army Airborne Ranger, against the new virtual battleground.

As Vice President of Verisign iDefense Security Intelligence Services, Rick Howard leads a multinational network of security experts who deliver exclusive customer access to the most in-depth cyber threat intelligence available. Rick spent the last 5 years working as the iDefense Intelligence director and is now the general manager of the business. Prior to joining iDefense, Rick led the intelligence-gathering activities at Counterpane Internet Security and ran Counterpane’s global network of Security Operations Centers. He served in the US Army for 23 years in various command and staff positions involving information technology and computer security and spent the last 2 years of his career as the US Army’s Computer Emergency Response Team Chief (ACERT). He coordinated network defense, network intelligence and network attack operations for the Army’s global network and retired as a lieutenant colonel in 2004. Rick holds a Master of Computer Science degree from the Naval Postgraduate School and an engineering degree from the US Military Academy. He also taught computer science at the Academy from 1990 to 1995 . He has published many academic papers on technology and security and has contributed as an executive editor to two books that Verisign iDefense personnel have written: “Cyber Fraud: Tactics, Techniques and Procedures” and “Cyber Security Essentials.”

Upcoming Industry Events

CarolinaCon 11 The Last CarolinaCon As We Know It More info coming soon. CarolinaCon is an annual conference in North Carolina that is dedicated to sharing knowledge about technology, security and information rights. CarolinaCon also[...]

InfoSec World 2015 The MISTI team is excited to bring you a lineup of conference sessions, workshops and summits that address the most pressing matters in information security today. With a selection of our top-rated[...]

RSA Conference 2015 – USA Same time, same place, same humongous crowds! RSA Conference 2015 is not specifically focused on hacking, pentesting and the like, but it is the largest general information security event and[...]

THOTCON 0x6 THOTCON (pronounced \ˈthȯt\ and taken from THree – One – Two) is a small venue hacking conference based in Chicago IL, USA. This is a non-profit, non-commercial event looking to provide the best[...]

BSides Chicago 2015 Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and[...]

CEIC 2015 It’s no exaggeration to say that CEIC (Computer and Enterprise Investigations Conference) is the biggest digital-investigations conference of its kind and the only one to offer hands-on lab sessions and training for practical skills[...]

OWASP AppSecEU 2015 The BeNeLux chapters will host the OWASP AppSec Europe Research 2015 global conference in Amsterdam, The Netherlands from May 19-22. Amsterdam is the capital of the Netherlands and the largest city of[...]

ShowMeCon 2015 St. Louis’ Hacking & Cyber Security Con ShowMeCon. The name says it all. Known as the Show Me State, Missouri is home to St. Louis-based ethical hacking firm, Parameter Security, and security training[...]